1password

What This Skill Does

The 1Password (op) skill provides a secure, streamlined interface for the OpenClaw agent to interact with the 1Password CLI. Designed for developers and power users, this skill allows the agent to authenticate, retrieve secrets, and inject environment variables directly into shells or processes without exposing sensitive credentials in plain text. It mandates the use of isolated tmux sessions for every operation, ensuring that authentication flows and secret access remain encapsulated and secure. By leveraging the official 1Password CLI, this skill minimizes the risk of credential leakage while maximizing automation efficiency.

Installation

To integrate the 1Password skill into your environment, run the following command in your terminal: clawhub install openclaw/openclaw/skills/1password

Ensure that you have the 1Password desktop application installed and the command-line interface (op) configured in your system PATH. The skill automatically manages session sockets, so no manual configuration of tmux environments is required, provided the tmux utility is available on your system.

Use Cases

• Automated Secret Injection: Use op run -- [command] or op inject to populate sensitive API keys or database credentials into development environments without saving them to .env files.
• Multi-Account Management: Seamlessly switch between personal and enterprise 1Password vaults using the --account or OP_ACCOUNT flags.
• Vault Auditing: Quickly list vaults, retrieve secret metadata, or verify account authentication status using the op whoami and op vault list commands.
• Script Orchestration: Securely fetch credentials for CI/CD tasks or local deployment scripts that require ephemeral access to production secrets.

Example Prompts

1. "OpenClaw, please use the 1Password skill to retrieve the API key for our staging environment and inject it into the current build command."
2. "Can you check if I am currently signed in to my work 1Password account and list the vaults available to me?"
3. "Please run the deploy script using op run so that it can access the encrypted credentials from my 'DevOps' vault."

Tips & Limitations

• Security First: Never instruct the agent to echo or print secret values to the conversation logs. Always rely on op run or op inject to keep secrets in memory.
• Tmux Requirement: All op commands must be executed within a tmux session created by the skill. If the agent reports a session failure, verify that tmux is installed.
• App Integration: Ensure the 'Integrate with 1Password CLI' option is enabled in your 1Password desktop application settings to allow for biometric or desktop-based sign-in prompts.
• Persistence: Because the skill uses fresh socket sessions for every task, authentication does not persist globally; always be prepared to authenticate via the desktop app prompt when requested by the agent.